El Diario del CISO (The CISO Journal) Issue 20 | Page 4

Influencers

Adrian Sanabria
Co-founder of Savage Security.
When to purchase a ‘solution’ to your cybersecurity problem
One thing that’s bothered me about the security industry is our propensity to immediately seek commercial solutions to our problems. Often, these commercial solutions are designed to become part of our daily security routines: they have dashboards, alerts, and other features. They have configurations or rulesets that need to be managed or tuned. Too often, a commercial ‘solution’ evolves to the point that it creates its own problems that need to be solved...
The complete article is here

Mikko Hypponen, Linus Nyman
The Internet of (Vulnerable) Things: On Hypponen's Law, Security Engineering, and IoT Legislation
The Internet of Things (IoT) and the resulting network-connectedness of everyday objects and appliances in our lives bring not only new features and possibilities, but also significant security concerns. These security concerns have resulted in vulnerabilities ranging from those limited in effect to a single device to vulnerabilities that have enabled IoT-based botnets to take over hundreds of thousands of devices to be used for illegal purposes. This article discusses the vulnerable nature of the IoT – as symbolized by Hypponen’s law – and the parts both manufacturers and consumers play in these vulnerabilities. This article makes the case for the importance of security engineering for IoT manufacturers, highlights some significant issues to help consumers address these vulnerabilities, and argues for legislation as perhaps the only reliable means of securing the Internet and its connected devices.
The complete article is here

Kareem Aly
Investor at Thomvest Ventures
Should you sell your cybersecurity startup?
As an entrepreneur, you need a lot of things to go right. You need a novel idea, an effective go-to-market strategy, a robust team, funding — the list goes on. The rationale behind becoming an entrepreneur, pursuing a path where you are statistically more likely to fail, varies from individual to individual...
The complete article is here

David Froud
Director at Core Concept Security.
Information Security vs Privacy, are the Lines Blurring?
My original title was “Data Security vs Data Protection[…]”, but an unfortunate number of people see these as pretty much the same thing, even interchangeable. Then I chose Cybersecurity instead of Data Security but that doesn’t cover all forms/formats of personal data, so I finally had to settle on Information Security. As for Data Protection, it’s not, in and of itself Privacy, and so on. But you see the problem already? If we can’t even agree on common terminology, how are we expected to ask the right people the right questions in order to solve our problems?
The complete article is here